Laptop (was) Infected with Privacy Protection virus/malware



#16
nehac

Here is the OTL log from my desktop. Thank you for checking these for me.

OTL logfile created on: 27/11/2011 12:52:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 57.63% Memory free
6.07 Gb Paging File | 4.83 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 52.37 Gb Free Space | 37.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.92 Gb Free Space | 49.19% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 12:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/01/13 06:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 06:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1200518764\ee\aolsoftware.exe
PRC - [2009/09/03 09:50:06 | 003,327,488 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\TurboHddUsb\TurboHddUsb.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 21:30:22 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 06:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/01 10:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 10:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:22 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/14 08:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/03 09:50:10 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/03 09:50:06 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/29 04:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/19 13:13:00 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2007/03/17 10:41:50 | 000,101,160 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...en-ca&OCID=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/i...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8
FF - prefs.js..extensions.enabledItems: [email protected]:2.8.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 20:33:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 20:33:00 | 000,000,000 | ---D | M]

[2008/06/19 18:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2011/11/10 14:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions
[2011/11/10 14:57:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/07 14:40:05 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/10/14 10:27:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/08 06:36:59 | 000,000,000 | ---D | M] (LiveClick) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}
[2011/09/22 10:48:21 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2009/09/05 04:24:50 | 000,002,255 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\askcom.xml
[2009/03/13 17:47:14 | 000,001,632 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\live-search.xml
[2011/04/28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\plasmoo.xml
[2011/11/14 13:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/14 13:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/14 13:07:06 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Neha\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Neha\AppData\Local\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Neha\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Neha\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.23_0\
CHR - Extension: Browser Button for AdBlock = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\picdndbpdnapajibahnnogkjofaeooof\0.0.13_0\

O1 HOSTS File: ([2011/05/26 15:34:29 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A83CB25-9719-4FAF-9CFB-04D587A3997E}: DhcpNameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{06168e27-cc8d-11dc-b404-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{06168e27-cc8d-11dc-b404-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 12:50:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/25 11:34:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BECD0A3B-9CCA-4F26-A52F-E1C137685911}
[2011/11/25 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{2EC36F31-7E35-4D9A-9628-5926369E3521}
[2011/11/24 11:33:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C81209D5-BD19-46F4-AD5D-B0256CB3E971}
[2011/11/24 11:33:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FCE40A94-C62D-4C06-953B-B4E64F6B0D5C}
[2011/11/23 22:06:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{1374563D-9E84-4905-B02B-3C702B75532D}
[2011/11/23 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3A19F2D5-C76E-408B-B890-82521470300E}
[2011/11/23 08:45:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B9D48251-AFB8-446F-8632-2930E3E76D64}
[2011/11/23 08:45:54 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BA7F4BCB-CD7D-4F1D-8EC6-F59B8ECF360A}
[2011/11/22 07:36:49 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{04A831D6-E60A-4DF1-B7F5-412F144BE45A}
[2011/11/22 07:36:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B757EB50-6765-47B2-BFD9-B12CC10C8E8B}
[2011/11/21 07:00:31 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{0F84D4D1-FBFE-4D66-B76E-465D2169DB70}
[2011/11/21 07:00:21 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F93A8672-4575-4ED0-9780-D961EA32A08A}
[2011/11/20 11:35:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{950EFA04-CA0E-4611-967D-13A353D97FE3}
[2011/11/20 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{639E055D-E97F-463E-89CB-4275F36C1BB0}
[2011/11/18 07:14:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{754D6E9E-C0DA-4024-A1FD-7FA48D490323}
[2011/11/18 07:14:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3A3F9DD6-C9A2-49C5-B03B-92037C9624AF}
[2011/11/17 11:33:47 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E2EDBA8D-02AA-4882-934E-0BACF82EC875}
[2011/11/17 11:33:43 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D693BFF8-6A96-41EB-953D-0F47E59F73F3}
[2011/11/16 20:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2011/11/16 20:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2011/11/16 20:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/11/16 20:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/11/16 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Roaming\HpUpdate
[2011/11/16 20:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/11/16 20:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/11/16 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/16 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\HP
[2011/11/16 11:36:49 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDDA101E-3461-4433-B172-9D9803FE4A64}
[2011/11/16 11:36:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{84C0BCC3-0409-4835-B10E-852A0CC98EAC}
[2011/11/15 11:36:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C124CF2B-501E-49CA-A944-AF944F655528}
[2011/11/15 11:36:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{769209FA-7270-4C4C-8F3F-49A1C408BE31}
[2011/11/14 18:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/14 18:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/14 18:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/14 13:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/14 13:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/14 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A5D63B1D-48BF-4D7D-A482-77DA6CD2FDE8}
[2011/11/14 11:29:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDF928F5-C182-4EBE-A971-54525B1AF574}
[2011/11/13 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C341E1CE-7CED-4355-A040-7C1CB3D1F691}
[2011/11/13 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EF6D09D5-128E-4641-9BEE-D2D7BF4C46EA}
[2011/11/13 11:34:54 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{73493EBB-CFAC-40E3-AFF4-9685DB087B74}
[2011/11/12 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{14985E97-CD6E-487D-8571-B7B69CEB2FEB}
[2011/11/12 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F257F842-BFFD-416F-8992-46C390B0BECE}
[2011/11/11 08:33:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A26718C3-BE4E-4854-99CD-AEEA30AC458C}
[2011/11/11 08:32:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{19A20338-B4D7-43E8-8839-3DBBE9126F5B}
[2011/11/10 11:06:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9DE469EC-945D-4BD4-831D-A4006518BC81}
[2011/11/10 11:06:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BC6BA3D9-B326-44B0-994B-13E85F96E09F}
[2011/11/09 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{07EF7A41-FAE0-4D32-B048-470455E631E5}
[2011/11/09 20:47:28 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D81914FB-7B6D-48CF-A75E-E5E6034D94C3}
[2011/11/09 08:47:03 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{43E0E672-55C5-4CF7-8815-BCAFD014470E}
[2011/11/09 08:47:00 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3FAA06D3-07C9-4634-AE99-1621765D384A}
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/07 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Trusteer
[2011/11/07 13:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/11/07 13:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2011/11/07 13:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/11/07 11:35:52 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B7E5D967-E9CC-42BD-966B-F7C8194BF7A8}
[2011/11/07 11:34:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{0B809801-D880-429C-BACC-E3D843ACAC2B}
[2011/11/05 06:58:15 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FE408156-78D8-40E1-8C30-F4B7BF4ECA95}
[2011/11/05 06:56:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{26D1BE06-5D81-4A4F-87E1-99BD3B49B8AB}
[2011/11/03 10:17:00 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{60BF999C-A1EB-4477-B7D5-E9567C843D4B}
[2011/11/03 10:15:11 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{96FA30EB-9C0E-4187-B4F4-C2E9C1DD096B}
[2011/11/02 20:59:29 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7FEA9E6C-93AF-472D-AEC0-997F55C5C524}
[2011/11/02 20:59:00 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6B863C29-9C54-440B-8007-E8C069FD1290}
[2011/11/02 07:50:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{340346EB-CE5A-47D2-B384-0369AEB937FC}
[2011/11/02 07:49:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{0B22FC1F-F302-48A5-9DC8-D3C1AE6DB908}
[2011/11/01 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Roaming\Yahoo!
[2011/11/01 10:14:32 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EF1F2497-5C5A-49ED-898D-B5301026C016}
[2011/11/01 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C6900884-EFC4-4340-B5C6-4E51627D1A23}
[2011/10/31 10:34:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{42FF808C-1F51-4F3A-9514-62C0FC3DF748}
[2011/10/31 10:33:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{44990589-CE35-402A-8C0D-5CC5A1AA6566}
[2011/10/30 11:34:25 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{582A8352-44F6-49F0-BE48-4DE8FB7DE77C}
[2011/10/30 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8E9F0840-F2E5-4004-B510-B3726A42980F}
[2011/10/29 07:32:17 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{4F3D11A0-1F08-44AE-8FBF-94F0C223C33E}
[2011/10/29 07:31:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{337B516C-1A9F-47A3-A830-2805E20E2609}
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/27 12:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/27 12:46:28 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 12:46:27 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 12:45:56 | 000,430,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/27 12:45:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 12:45:31 | 3150,471,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 12:44:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/26 16:00:23 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/24 16:47:36 | 000,030,672 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2011/11/21 08:55:00 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011/11/16 20:11:54 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2011/11/14 21:09:52 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/14 21:09:52 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/14 18:30:40 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/14 13:22:50 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/14 12:56:29 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/11/09 23:25:11 | 000,000,872 | ---- | M] () -- C:\Users\Neha\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 23:25:11 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/09 14:00:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/16 20:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/11/14 18:30:40 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/09 23:25:10 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/20 11:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/17 11:14:06 | 000,000,680 | ---- | C] () -- C:\Users\Neha\AppData\Local\d3d9caps.dat
[2009/11/04 11:58:41 | 000,217,088 | ---- | C] () -- C:\Windows\System32\avformat-50.dll
[2009/11/04 11:58:41 | 000,018,432 | ---- | C] () -- C:\Windows\System32\avutil-49.dll
[2009/11/04 11:58:40 | 001,984,512 | ---- | C] () -- C:\Windows\System32\avcodec-51.dll
[2009/09/24 06:53:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 06:53:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/02 15:10:18 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2009/03/17 18:31:57 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/09/17 09:25:51 | 000,000,137 | -H-- | C] () -- C:\Users\Neha\AppData\Roaming\lakerda1967.sys
[2008/09/17 09:25:29 | 000,010,568 | ---- | C] () -- C:\Users\Neha\AppData\Roaming\docXConverter (3).ini
[2008/08/12 09:44:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/05 19:30:02 | 000,017,499 | ---- | C] () -- C:\Windows\System32\MSSDTMGTX61.DLL
[2008/01/16 17:49:09 | 000,030,672 | ---- | C] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2008/01/16 16:25:15 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/16 16:22:44 | 000,092,672 | ---- | C] () -- C:\Users\Neha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/11 14:08:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/03/19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 17:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,430,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/03/08 17:40:12 | 000,210,944 | ---- | C] () -- C:\Windows\Msvcrt10.dll
[2004/03/08 17:40:12 | 000,057,344 | ---- | C] () -- C:\Windows\icmfilter.dll

========== LOP Check ==========

[2011/09/24 13:36:19 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Costco Photo Viewer CA-EN
[2011/05/28 14:53:21 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/06/21 11:10:55 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Facebook
[2009/03/20 13:56:49 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\gtk-2.0
[2009/03/20 15:56:38 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Jasc
[2010/12/11 16:47:52 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\PCDr
[2011/05/15 20:47:18 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\QFX Software
[2008/11/11 13:09:03 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Template
[2011/10/19 18:54:56 | 000,000,000 | ---D | M] -- C:\Users\Neha\AppData\Roaming\Windows Live Writer
[2011/11/21 08:55:00 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011/11/09 14:00:08 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/11/27 12:44:35 | 000,032,592 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/11/26 16:00:23 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Other:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Goldie's Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Desktop\Goldie Pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\My Downloads List1.ISO:Roxio EMC Stream
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AEA6AF9

< End of report >

Extras Log
OTL Extras logfile created on: 27/11/2011 12:52:26 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 57.63% Memory free
6.07 Gb Paging File | 4.83 Gb Available in Paging File | 79.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 52.37 Gb Free Space | 37.68% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.92 Gb Free Space | 49.19% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013968D4-ECBE-441D-915F-6B70BD9C1364}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{069746CE-D36E-4B61-A674-F2688ACC1B66}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{075F1FBE-9FAA-4DD4-96F7-BB2E90F9904C}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B51E66A-0458-4934-8900-CEACC86DE2D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CA63133-92B8-4486-A991-81BF1091EB48}" = rport=445 | protocol=6 | dir=out | app=system |
"{2ECC9A63-CBB6-4639-8607-50D432B655C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F687070-DFB7-4093-B63D-BD9EC48991AB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{454134CC-B163-428D-B973-87B71C45CB47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AD63E72-829F-4498-9EE3-E1137668AC90}" = lport=139 | protocol=6 | dir=in | app=system |
"{678AA400-7EEC-46C5-853F-ED5C776CE83F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7276EA81-EE13-4BD2-A169-4AE36FC3402E}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A09B8FC-D247-41CA-AA06-1891936D2205}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8EB88943-43DE-492B-94B6-057CC742245D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F685452-D4E2-429B-B707-0F825AEA8EF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{91095EED-1CC5-4FCB-BC5B-3AB017BFA571}" = lport=137 | protocol=17 | dir=in | app=system |
"{9261AC15-BFE7-4C94-80F5-53400B7C4608}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93E38172-A2B1-421A-8501-026CED3D6878}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9546AD8B-2B48-40AC-AF25-CAD72682F3F7}" = rport=137 | protocol=17 | dir=out | app=system |
"{996E24C1-C62D-4E34-B680-5809E4FEB274}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB35D350-9F58-43A2-85C3-E3F105C23612}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCE65467-AAA4-4BF5-BDD8-7DCD10AAB948}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BE0974FA-1E6F-4467-9E67-80F5AE1C6825}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFC47231-7A8D-44DA-A2A9-06DC47249198}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CFA9223A-A170-4AE4-A160-B097DF93B1B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001CB2D4-9CE3-44E6-8F71-2644167AF459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{014CA6FD-6243-4AA1-AE64-66ECCA960B7E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{0260E308-28B7-4704-ABDC-61FAA344BA8D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{06F7B525-BB49-43E0-921E-E820F35FA756}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{0B7F8CC8-C000-4971-91E3-7F40085085BC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{0C661D5F-D4BC-4D97-BA17-939904E0B6B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15B65404-FEB1-4FB1-BDE9-2FAC3C006FE4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{15F08CE5-4B41-461C-A0AB-CBC936F61341}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{19BE42DF-4357-4DFC-AC02-2460FE2A3C06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F55333F-298D-4A7C-95A2-BBA4AE8C3CF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8B7BA6-D6FB-4492-82CF-8572BDFF503F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22B935CA-F12C-4DBA-A07A-AEF6E1AF7841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3196F17B-CE8E-420A-9592-010031DA14C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37041720-4B58-4B3A-8ABD-FA3E613448BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AC23F75-8989-454B-8C8C-EE691CED0D3C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{40A11FCB-CD30-4010-9785-AEC62B620C23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{413516A1-276A-4212-A9E6-79B7061B4456}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4BA48928-AE38-4FD7-88DA-D46E7A0D11ED}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4C90023C-151D-442A-AD2E-A89051B4FB7E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{4DA37EF0-C3F6-48D1-814B-CB0CC8769D85}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\aol.exe |
"{5033E463-7DE3-4D63-A9A0-69F4F796C959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54066253-014C-46AA-81A7-3F30D13AE8D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5982BE8E-7038-4726-B74B-828668FAB9D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5D0E2E96-7522-4C3C-BEA2-EA2BB507A526}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6208BF4A-0001-4320-A755-D0BAA2879331}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6662909E-BCDD-4B02-9202-9152088657DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{6A01FEBA-47F5-47CA-805F-C2C6CB63D7EF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6A803F42-0B00-48CE-BFBF-28A67746563B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{6C389A6E-521E-4614-8BB5-1A1472785979}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\aol.exe |
"{6C766B62-F96D-484A-8583-E5879D03760C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7786B1CC-4FF9-43CD-9C99-1C1861A1BD2E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{8183CB5F-F9BB-454C-B04B-8116C494FE19}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{87027BF9-4389-4914-AE6D-5CD15CB3EC43}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{876BBDF7-B6BD-4B15-A9B1-9BB1B8700895}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{8E670B63-5A6B-4CCB-9E2A-7B9D6F801C3F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{919BC780-5BBB-4EC9-B2FB-78E500AE529C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9351194E-CC12-4CB3-87BA-0BA472DE5129}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{936908FD-F7A2-4DCA-9F2D-7D321E473DF3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{97F2731B-A0A3-493A-A55F-78BD5008A37F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C79286E-86D2-4D68-966A-477CA284098C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{9FD10955-CFDB-4855-8430-445BA5DC60AB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{A2626517-22D9-487F-8D99-AAE95F2E9A64}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{A527F0FD-5692-40FC-BC7F-A12DD0CFBEFF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{AC1CE5B8-3901-4174-BB20-C2A47B10B65E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B4FC0C8D-A41F-42DA-BB5B-E2EA7F953A89}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{B6C12BA8-8AA8-47BC-8B03-E7785CA52395}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{B85DC8D9-B4D2-4495-B6E9-2022E1ECF430}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B927303E-99CA-450B-9B50-0AAC2278642E}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{BDCCA442-1A39-42D3-BC85-C8DEF1538ABC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE10D116-24B0-4948-9916-5F539FA4FB16}" = protocol=6 | dir=out | app=system |
"{C16EB4F8-D627-4B66-AB07-ED2E878A1C6F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{C28711CC-9707-4CEC-AA67-20D0C273E300}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{C36781E0-B348-4FD3-A6D5-62258904FF93}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C750639F-5539-4B05-A9C8-0880784B6962}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{CC87F0C9-6509-4BDA-87C4-668BA6DAFF16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE24841B-142D-43D5-A9F6-DACA58437065}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{D378417E-A0BE-48FD-AAE7-DD8CA455E17C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D7811609-C693-4169-85E4-B5F4D08288BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D937CF42-573A-478E-9EAF-2F84E39E21EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E1EDE59C-D190-4AFD-B88C-CDB815CDACD2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E3E984DF-EC7D-448D-8906-BE43962AB9BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E711F05D-1004-4607-B383-2BB0DA7F07F8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{EAA87DF1-D6C2-4FFE-B7EA-B91CB0CA6A4D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{EC21EF74-BF39-4465-A24F-4D3BD4525472}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EC705686-0C7A-4B92-84C7-247C43819220}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{ED2035C2-D39A-4243-B2EE-4ED2BEE98200}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED43E924-A0DA-4ED4-A54E-BB63D4176380}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{ED7EF7D4-C040-458D-A861-A1CA8F0B4835}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{F29FDCB8-B91C-473C-9E19-3A2128B64608}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{F3AEC9EF-45FE-4FE0-9D8A-07B84376AB69}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F45ABB89-F676-47F1-AA44-808B061FDFB3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{F4A87CAC-CFB2-4213-BB3F-26C257313286}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FA912D6E-4E33-46EC-B51B-3E3B8F459E75}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{5690858B-0A76-4DA7-BAE1-BC588FAD7472}C:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe |
"TCP Query User{667EA162-E872-4EED-B37F-4FA2AF046005}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{6DCCEE70-2BA6-4423-906E-42AB23441A2B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{896F6545-F813-4058-9DFE-E37F4772C6F6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9DD42084-8FB2-46EA-B2B6-88A092E8933F}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{D77A8250-E6F6-48A5-B9D6-BDA0611DC9FF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{08FAED95-E56A-41F5-8CDC-4AEC83D60C0E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{11C0B9A1-C983-42D8-951D-8B0CA595B72D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{2E8631C5-D57D-4EA5-9A2E-EF3A1206F10A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4FD25C15-C092-411A-A6B6-5B5510FD977C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{5EB18FA0-CCF4-45ED-8D3C-63299753ACAE}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{DED05C0E-D6C9-4980-AF10-85834EE56D53}C:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AMDAway INF" = AMDAway INF
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Ares" = Ares 2.1.0
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Dell Support Center" = Dell Support Center
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"HP Photo Creations" = HP Photo Creations
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Rapport_msi" = Rapport
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"TurboHddUsb" = TurboHddUsb
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 24/03/2008 10:03:33 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 05/04/2008 11:02:05 AM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:03 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:04 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:09 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:16 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:20 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 07/01/2010 8:25:47 AM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

[ Dell Events ]
Error - 28/05/2011 8:32:26 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/06/2011 11:37:40 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 10/06/2011 11:37:41 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/07/2011 10:59:12 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 17/07/2011 10:59:12 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/08/2011 11:19:14 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 15/08/2011 11:19:15 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 20/08/2011 7:49:59 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 20/08/2011 7:49:59 AM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 27/08/2011 11:56:12 PM | Computer Name = Neha-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 01/12/2010 1:08:57 AM | Computer Name = Neha-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/11/2011 12:32:58 PM | Computer Name = Neha-PC | Source = DCOM | ID = 10016
Description =

Error - 25/11/2011 12:33:04 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/11/2011 4:28:54 PM | Computer Name = Neha-PC | Source = Print | ID = 6161
Description = The document PDF_516875204_11_2011-11-17_0000000000-1.pdf, owned by
Neha, failed to print on printer HPE71A6D (HP Deskjet 3050 J610 series). Try to
print the document again, or restart the print spooler. Data type: NT EMF 1.008.
Size of the spool file in bytes: 378400. Number of bytes printed: 0. Total number
of pages in the document: 2. Number of pages printed: 0. Client computer: \\NEHA-PC.
Win32 error code returned by the print processor: 0. The operation completed successfully.


Error - 25/11/2011 4:32:46 PM | Computer Name = Neha-PC | Source = Print | ID = 6161
Description = The document Microsoft Word - Document1, owned by Neha, failed to
print on printer HPE71A6D (HP Deskjet 3050 J610 series). Try to print the document
again, or restart the print spooler. Data type: NT EMF 1.008. Size of the spool
file in bytes: 16040. Number of bytes printed: 0. Total number of pages in the
document: 1. Number of pages printed: 0. Client computer: \\NEHA-PC. Win32 error
code returned by the print processor: 0. The operation completed successfully.

Error - 26/11/2011 9:33:27 AM | Computer Name = Neha-PC | Source = DCOM | ID = 10016
Description =

Error - 26/11/2011 9:33:31 AM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/11/2011 12:11:14 PM | Computer Name = Neha-PC | Source = DCOM | ID = 10016
Description =

Error - 27/11/2011 12:11:31 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/11/2011 1:47:20 PM | Computer Name = Neha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 27/11/2011 1:47:57 PM | Computer Name = Neha-PC | Source = DCOM | ID = 10016
Description =


< End of report >

#17
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Uninstall
Java™ 6 Update 26
Ares 2.1.0
Bing Bar
Yahoo! Browser Services
Yahoo! Software Update
Yahoo! Install Manager
Facebook Plug-In


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0
[2011/11/10 14:57:17 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/11/07 14:40:05 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011/09/08 06:36:59 | 000,000,000 | ---D | M] (LiveClick) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}
[2009/09/05 04:24:50 | 000,002,255 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\askcom.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
[2011/11/26 16:00:23 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/11/09 14:00:08 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log it creates and Copy and Paste it into a reply.


If one of the following will not run then just skip to the next one then go back and try the things that wouldn't run again after finishing the others.

Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy.

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

Right-click on Malwarebytes' Anti-Malware and select Run As Administrator and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then right click and Run as Administrator

If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator

Change the a-v scan to None.
Uncheck trace disk IO calls.
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply


Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)




1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#18
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I actually ran the fix before removing the programs (thought it would remove them for me...). Not sure if that is an issue. But here is the log:
========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.8.0.8 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}:7.0 removed from extensions.enabledItems
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\modules folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}\modules folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}\defaults\preferences folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}\defaults folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509}\chrome folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d166ee2a-36bb-4f33-aff7-e85f912df509} folder moved successfully.
C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\ deleted successfully.
C:\Program Files\Yahoo!\Common\yiesrvc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}\ deleted successfully.
C:\Program Files\Dell\BAE\BAE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files\Microsoft\BingBar\BingExt.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files\Java\jre7\bin\jp2ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files\Microsoft\BingBar\BingExt.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
C:\Windows\Tasks\SystemToolsDailyTest.job moved successfully.
C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Neha\Desktop\cmd.bat deleted successfully.
C:\Users\Neha\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Goldie
->Java cache emptied: 0 bytes

User: Neha
->Java cache emptied: 1857588 bytes

User: Public

User: TEMP

Total Java Files Cleaned = 2.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Goldie
->Flash cache emptied: 489 bytes

User: Neha
->Flash cache emptied: 74839 bytes

User: Public

User: TEMP

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11272011_132716

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Malwarebytes log:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8212

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

27/11/2011 2:10:52 PM
mbam-log-2011-11-27 (14-10-52).txt

Scan type: Quick scan
Objects scanned: 210273
Time elapsed: 12 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Combofix:
ComboFix 11-11-27.02 - Neha 27/11/2011 14:18:55.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.2.1033.18.3006.1892 [GMT -5:00]
Running from: c:\users\Neha\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\SPL2B87.tmp
c:\users\Neha\g2mdlhlpx.exe
c:\windows\security\Database\tmp.edb
D:\AUTORUN.INF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-27 to 2011-11-27 )))))))))))))))))))))))))))))))
.
.
2011-11-27 19:33 . 2011-11-27 19:33 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-11-27 19:33 . 2011-11-27 19:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-27 18:51 . 2011-11-27 18:51 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D06C91C7-8148-44C8-86AD-596EBB334971}\offreg.dll
2011-11-27 18:27 . 2011-11-27 18:27 -------- d-----w- C:\_OTL
2011-11-25 16:44 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D06C91C7-8148-44C8-86AD-596EBB334971}\mpengine.dll
2011-11-17 01:33 . 2011-11-17 01:41 -------- d-----w- c:\programdata\HP Photo Creations
2011-11-17 01:33 . 2011-11-17 01:33 -------- d-----w- c:\program files\HP Photo Creations
2011-11-17 01:32 . 2011-11-17 01:33 -------- d-----w- c:\program files\Coupons
2011-11-17 01:32 . 2011-11-17 01:32 -------- d-----w- c:\users\Neha\AppData\Roaming\HpUpdate
2011-11-17 01:31 . 2010-11-17 02:10 527208 ------w- c:\windows\system32\HPDiscoPM9311.dll
2011-11-17 01:28 . 2011-11-17 01:28 -------- d-----w- c:\programdata\HP
2011-11-17 01:28 . 2011-11-17 01:32 -------- d-----w- c:\program files\HP
2011-11-17 01:08 . 2011-11-17 01:42 -------- d-----w- c:\users\Neha\AppData\Local\HP
2011-11-14 23:29 . 2011-11-14 23:29 -------- d-----w- c:\program files\iPod
2011-11-14 23:29 . 2011-11-14 23:30 -------- d-----w- c:\program files\iTunes
2011-11-11 13:36 . 2011-11-11 13:36 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2011-11-10 04:25 . 2011-11-05 06:53 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-11-10 04:25 . 2011-11-05 06:53 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-11-10 04:25 . 2011-11-05 06:53 801752 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-11-10 04:25 . 2011-11-05 06:53 478168 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-11-10 04:25 . 2011-11-05 06:53 1989592 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-11-10 04:25 . 2011-11-05 06:53 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-11-10 04:25 . 2011-11-05 03:21 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-11-10 04:25 . 2011-11-05 03:21 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-11-09 13:55 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-09 13:55 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 13:55 . 2011-09-30 15:57 707584 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-08 02:28 . 2011-11-08 02:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-11-07 18:36 . 2011-11-07 18:36 -------- d-----w- c:\users\Neha\AppData\Local\Trusteer
2011-11-07 18:35 . 2011-11-07 18:35 -------- d-----w- c:\program files\Trusteer
2011-11-07 18:32 . 2011-11-07 18:32 -------- d-----w- c:\programdata\Trusteer
2011-11-02 00:04 . 2011-11-27 18:44 -------- d-----w- c:\users\Neha\AppData\Roaming\Yahoo!
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-19 12:41 . 2011-05-18 15:52 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-14 18:07 . 2010-08-16 01:34 544656 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-20 00:45 . 2011-03-28 22:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-09-30 23:06 . 2011-10-13 15:46 916480 ----a-w- c:\windows\system32\wininet.dll
2011-09-30 23:02 . 2011-10-13 15:46 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-09-30 23:01 . 2011-10-13 15:46 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-09-30 23:01 . 2011-10-13 15:46 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-09-30 23:01 . 2011-10-13 15:46 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-09-30 22:07 . 2011-10-13 15:46 385024 ----a-w- c:\windows\system32\html.iec
2011-09-30 21:29 . 2011-10-13 15:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-09-30 21:28 . 2011-10-13 15:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-14 13:58 . 2011-05-16 01:45 225592 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-09-06 20:45 . 2010-10-07 01:34 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2008-07-13 17:08 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-03-20 16:22 442200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-07-13 17:08 320856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2008-07-13 17:08 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2008-07-13 17:08 52568 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2008-07-13 17:08 54616 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2008-07-13 17:08 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-06 13:30 . 2011-10-13 15:46 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 21:00 . 2011-05-16 01:31 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-11-05 06:53 . 2011-11-10 04:25 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2011-08-22 6276408]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2011-01-13 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TurboHddUsb"="c:\program files\TurboHddUsb\TurboHddUsb.exe" [2009-09-03 3327488]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TotalMedia Backup Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
backup=c:\windows\pss\TotalMedia Backup Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Neha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Neha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 16:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2011-01-13 11:19 42320 ----a-w- c:\program files\AOL Desktop 9.6\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-10-06 05:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 23:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\aol\1200518764\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
2006-03-27 15:57 126104 ----a-w- c:\program files\Common Files\aol\IPHSend\IPHSend.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-10-03 17:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-08-22 05:18 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2011-05-13 20:03 4283256 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 04:16 13535776 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 04:16 92704 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2006-10-20 23:23 118784 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 19:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-03-12 14:11 232184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-01-17 12:22 4907008 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 17:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 15:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2009-09-03 17792]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\9ABD.tmp [x]
R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2009-09-03 7040]
S1 RapportCerberus_32301;RapportCerberus_32301;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [2011-11-08 227312]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [2011-11-08 71440]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2011-11-08 164112]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-08 931640]
S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-09-14 225592]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [2011-11-08 21520]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://ca.yahoo.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 205.188.146.145
FF - ProfilePath - c:\users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
------- File Associations -------
.
.exe=REG_SZ
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DellSupportCenter - c:\program files\Dell Support Center\bin\sprtcmd.exe
MSConfigStartUp-dscactivate - c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
MSConfigStartUp-EzPrint - c:\program files\Lexmark 5200 Series\ezprint.exe
MSConfigStartUp-Google Update - c:\users\Neha\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-LXBTCATS - c:\windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll
MSConfigStartUp-lxbtmon - c:\program files\Lexmark 5200 Series\lxbtmon.exe
MSConfigStartUp-SpywareTerminator - c:\program files\Spyware Terminator\SpywareTerminatorShield.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-27 14:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\9ABD.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCD5SRVC{3F6A8B78-EC003E00-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-11-27 14:43:41
ComboFix-quarantined-files.txt 2011-11-27 19:43
.
Pre-Run: 55,996,776,448 bytes free
Post-Run: 59,120,713,728 bytes free
.
- - End Of File - - EAA98AEC87D044DD2F08312415C49635

TDSSKILLER Log:
14:50:17.0090 4924 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
14:50:17.0624 4924 ============================================================
14:50:17.0624 4924 Current date / time: 2011/11/27 14:50:17.0624
14:50:17.0624 4924 SystemInfo:
14:50:17.0624 4924
14:50:17.0624 4924 OS Version: 6.0.6002 ServicePack: 2.0
14:50:17.0624 4924 Product type: Workstation
14:50:17.0624 4924 ComputerName: NEHA-PC
14:50:17.0625 4924 UserName: Neha
14:50:17.0625 4924 Windows directory: C:\Windows
14:50:17.0625 4924 System windows directory: C:\Windows
14:50:17.0625 4924 Processor architecture: Intel x86
14:50:17.0625 4924 Number of processors: 1
14:50:17.0625 4924 Page size: 0x1000
14:50:17.0625 4924 Boot type: Normal boot
14:50:17.0625 4924 ============================================================
14:50:19.0434 4924 Initialize success
14:50:24.0429 5824 ============================================================
14:50:24.0429 5824 Scan started
14:50:24.0429 5824 Mode: Manual;
14:50:24.0429 5824 ============================================================
14:50:27.0534 5824 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
14:50:27.0538 5824 ACPI - ok
14:50:27.0595 5824 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
14:50:27.0599 5824 adp94xx - ok
14:50:27.0630 5824 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
14:50:27.0633 5824 adpahci - ok
14:50:27.0724 5824 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
14:50:27.0725 5824 adpu160m - ok
14:50:27.0766 5824 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
14:50:27.0767 5824 adpu320 - ok
14:50:27.0819 5824 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\Windows\system32\drivers\Afc.sys
14:50:27.0819 5824 Afc - ok
14:50:27.0871 5824 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
14:50:27.0877 5824 AFD - ok
14:50:27.0917 5824 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
14:50:27.0918 5824 agp440 - ok
14:50:27.0986 5824 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
14:50:27.0988 5824 aic78xx - ok
14:50:28.0015 5824 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
14:50:28.0017 5824 aliide - ok
14:50:28.0044 5824 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
14:50:28.0045 5824 amdagp - ok
14:50:28.0075 5824 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
14:50:28.0078 5824 amdide - ok
14:50:28.0097 5824 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
14:50:28.0098 5824 AmdK7 - ok
14:50:28.0122 5824 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
14:50:28.0123 5824 AmdK8 - ok
14:50:28.0296 5824 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
14:50:28.0298 5824 arc - ok
14:50:28.0370 5824 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
14:50:28.0371 5824 arcsas - ok
14:50:28.0466 5824 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
14:50:28.0467 5824 aswFsBlk - ok
14:50:28.0511 5824 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
14:50:28.0513 5824 aswMonFlt - ok
14:50:28.0590 5824 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
14:50:28.0592 5824 aswRdr - ok
14:50:28.0650 5824 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
14:50:28.0655 5824 aswSnx - ok
14:50:28.0701 5824 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
14:50:28.0734 5824 aswSP - ok
14:50:28.0837 5824 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
14:50:28.0839 5824 aswTdi - ok
14:50:28.0877 5824 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
14:50:28.0879 5824 AsyncMac - ok
14:50:28.0914 5824 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
14:50:28.0915 5824 atapi - ok
14:50:29.0043 5824 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
14:50:29.0062 5824 Beep - ok
14:50:29.0101 5824 blbdrive - ok
14:50:29.0171 5824 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
14:50:29.0174 5824 bowser - ok
14:50:29.0228 5824 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
14:50:29.0230 5824 BrFiltLo - ok
14:50:29.0248 5824 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
14:50:29.0249 5824 BrFiltUp - ok
14:50:29.0322 5824 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
14:50:29.0324 5824 Brserid - ok
14:50:29.0349 5824 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
14:50:29.0350 5824 BrSerWdm - ok
14:50:29.0469 5824 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
14:50:29.0470 5824 BrUsbMdm - ok
14:50:29.0525 5824 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
14:50:29.0526 5824 BrUsbSer - ok
14:50:29.0547 5824 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
14:50:29.0548 5824 BTHMODEM - ok
14:50:29.0663 5824 catchme - ok
14:50:29.0704 5824 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
14:50:29.0705 5824 cdfs - ok
14:50:29.0744 5824 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
14:50:29.0746 5824 cdrom - ok
14:50:29.0799 5824 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
14:50:29.0800 5824 circlass - ok
14:50:30.0244 5824 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
14:50:30.0277 5824 CLFS - ok
14:50:30.0395 5824 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
14:50:30.0398 5824 cmdide - ok
14:50:30.0462 5824 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
14:50:30.0464 5824 Compbatt - ok
14:50:30.0492 5824 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
14:50:30.0497 5824 crcdisk - ok
14:50:30.0538 5824 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
14:50:30.0539 5824 Crusoe - ok
14:50:30.0620 5824 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
14:50:30.0622 5824 DfsC - ok
14:50:30.0679 5824 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
14:50:30.0681 5824 disk - ok
14:50:30.0736 5824 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
14:50:30.0738 5824 drmkaud - ok
14:50:30.0777 5824 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
14:50:30.0790 5824 DXGKrnl - ok
14:50:30.0819 5824 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
14:50:30.0822 5824 e1express - ok
14:50:30.0915 5824 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
14:50:30.0917 5824 E1G60 - ok
14:50:30.0967 5824 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
14:50:30.0971 5824 Ecache - ok
14:50:31.0013 5824 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
14:50:31.0017 5824 elxstor - ok
14:50:31.0173 5824 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
14:50:31.0178 5824 exfat - ok
14:50:31.0208 5824 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
14:50:31.0213 5824 fastfat - ok
14:50:31.0275 5824 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
14:50:31.0291 5824 fdc - ok
14:50:31.0333 5824 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
14:50:31.0336 5824 FileInfo - ok
14:50:31.0367 5824 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
14:50:31.0369 5824 Filetrace - ok
14:50:31.0394 5824 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
14:50:31.0396 5824 flpydisk - ok
14:50:31.0516 5824 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
14:50:31.0519 5824 FltMgr - ok
14:50:31.0557 5824 FNETTBOH (b91c51d44558985ed0593fd5963d1866) C:\Windows\system32\drivers\FNETTBOH.SYS
14:50:31.0558 5824 FNETTBOH - ok
14:50:31.0579 5824 FNETURPX (0a79334fb069c6b38df7ad56a109ea01) C:\Windows\system32\drivers\FNETURPX.SYS
14:50:31.0580 5824 FNETURPX - ok
14:50:31.0637 5824 fssfltr (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
14:50:31.0638 5824 fssfltr - ok
14:50:31.0737 5824 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
14:50:31.0738 5824 Fs_Rec - ok
14:50:31.0780 5824 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
14:50:31.0782 5824 gagp30kx - ok
14:50:31.0819 5824 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
14:50:31.0820 5824 GEARAspiWDM - ok
14:50:31.0868 5824 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:50:31.0877 5824 HDAudBus - ok
14:50:31.0901 5824 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
14:50:31.0902 5824 HidBth - ok
14:50:31.0932 5824 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
14:50:31.0933 5824 HidIr - ok
14:50:31.0965 5824 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
14:50:31.0967 5824 HidUsb - ok
14:50:31.0995 5824 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
14:50:31.0997 5824 HpCISSs - ok
14:50:32.0045 5824 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
14:50:32.0053 5824 HTTP - ok
14:50:32.0075 5824 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
14:50:32.0078 5824 i2omp - ok
14:50:32.0135 5824 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
14:50:32.0138 5824 i8042prt - ok
14:50:32.0180 5824 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
14:50:32.0185 5824 iaStorV - ok
14:50:32.0238 5824 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
14:50:32.0240 5824 iirsp - ok
14:50:32.0337 5824 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
14:50:32.0383 5824 IntcAzAudAddService - ok
14:50:32.0416 5824 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
14:50:32.0417 5824 intelide - ok
14:50:32.0494 5824 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
14:50:32.0496 5824 intelppm - ok
14:50:32.0549 5824 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:50:32.0551 5824 IpFilterDriver - ok
14:50:32.0569 5824 IpInIp - ok
14:50:32.0605 5824 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
14:50:32.0607 5824 IPMIDRV - ok
14:50:32.0661 5824 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
14:50:32.0664 5824 IPNAT - ok
14:50:32.0733 5824 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
14:50:32.0735 5824 IRENUM - ok
14:50:32.0775 5824 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
14:50:32.0778 5824 isapnp - ok
14:50:32.0820 5824 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
14:50:32.0824 5824 iScsiPrt - ok
14:50:32.0857 5824 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
14:50:32.0860 5824 iteatapi - ok
14:50:32.0894 5824 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
14:50:32.0896 5824 iteraid - ok
14:50:32.0935 5824 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:50:32.0936 5824 kbdclass - ok
14:50:32.0985 5824 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
14:50:32.0987 5824 kbdhid - ok
14:50:33.0047 5824 KeyScrambler (c719c729ce65aad98d550458220b6d15) C:\Windows\system32\drivers\keyscrambler.sys
14:50:33.0050 5824 KeyScrambler - ok
14:50:33.0095 5824 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
14:50:33.0103 5824 KSecDD - ok
14:50:33.0147 5824 Lbd (713cd5267abfb86fe90a72e384e82a38) C:\Windows\system32\DRIVERS\Lbd.sys
14:50:33.0149 5824 Lbd - ok
14:50:33.0195 5824 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
14:50:33.0197 5824 lltdio - ok
14:50:33.0257 5824 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
14:50:33.0261 5824 LSI_FC - ok
14:50:33.0300 5824 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
14:50:33.0301 5824 LSI_SAS - ok
14:50:33.0349 5824 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
14:50:33.0351 5824 LSI_SCSI - ok
14:50:33.0383 5824 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
14:50:33.0385 5824 luafv - ok
14:50:33.0422 5824 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
14:50:33.0423 5824 megasas - ok
14:50:33.0489 5824 MEMSWEEP2 - ok
14:50:33.0542 5824 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
14:50:33.0546 5824 Modem - ok
14:50:33.0583 5824 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
14:50:33.0584 5824 monitor - ok
14:50:33.0627 5824 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
14:50:33.0629 5824 mouclass - ok
14:50:33.0657 5824 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
14:50:33.0660 5824 mouhid - ok
14:50:33.0689 5824 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
14:50:33.0691 5824 MountMgr - ok
14:50:33.0734 5824 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
14:50:33.0735 5824 mpio - ok
14:50:33.0763 5824 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
14:50:33.0768 5824 mpsdrv - ok
14:50:33.0800 5824 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
14:50:33.0802 5824 Mraid35x - ok
14:50:33.0861 5824 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
14:50:33.0909 5824 MRxDAV - ok
14:50:33.0971 5824 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:50:33.0973 5824 mrxsmb - ok
14:50:34.0031 5824 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:50:34.0077 5824 mrxsmb10 - ok
14:50:34.0099 5824 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:50:34.0101 5824 mrxsmb20 - ok
14:50:34.0133 5824 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
14:50:34.0135 5824 msahci - ok
14:50:34.0178 5824 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
14:50:34.0180 5824 msdsm - ok
14:50:34.0252 5824 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
14:50:34.0254 5824 Msfs - ok
14:50:34.0297 5824 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
14:50:34.0299 5824 msisadrv - ok
14:50:34.0344 5824 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
14:50:34.0346 5824 MSKSSRV - ok
14:50:34.0389 5824 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
14:50:34.0390 5824 MSPCLOCK - ok
14:50:34.0428 5824 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
14:50:34.0429 5824 MSPQM - ok
14:50:34.0518 5824 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
14:50:34.0522 5824 MsRPC - ok
14:50:34.0560 5824 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
14:50:34.0562 5824 mssmbios - ok
14:50:34.0593 5824 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
14:50:34.0595 5824 MSTEE - ok
14:50:34.0628 5824 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
14:50:34.0630 5824 Mup - ok
14:50:34.0683 5824 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
14:50:34.0686 5824 NativeWifiP - ok
14:50:34.0743 5824 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
14:50:34.0748 5824 NDIS - ok
14:50:34.0805 5824 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
14:50:34.0807 5824 NdisTapi - ok
14:50:34.0850 5824 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
14:50:34.0852 5824 Ndisuio - ok
14:50:34.0900 5824 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
14:50:34.0914 5824 NdisWan - ok
14:50:34.0961 5824 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
14:50:34.0964 5824 NDProxy - ok
14:50:34.0986 5824 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
14:50:34.0988 5824 NetBIOS - ok
14:50:35.0044 5824 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
14:50:35.0049 5824 netbt - ok
14:50:35.0123 5824 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
14:50:35.0125 5824 nfrd960 - ok
14:50:35.0179 5824 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
14:50:35.0181 5824 Npfs - ok
14:50:35.0237 5824 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
14:50:35.0248 5824 nsiproxy - ok
14:50:35.0320 5824 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
14:50:35.0338 5824 Ntfs - ok
14:50:35.0372 5824 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
14:50:35.0373 5824 ntrigdigi - ok
14:50:35.0405 5824 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
14:50:35.0406 5824 Null - ok
14:50:35.0538 5824 NVENETFD (19055a1c1076ef48e738d26ea7fb8017) C:\Windows\system32\DRIVERS\nvmfdx32.sys
14:50:35.0554 5824 NVENETFD - ok
14:50:35.0880 5824 nvlddmkm (e572ebf0a86a76e7cfcaab00648f0f83) C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:50:35.0966 5824 nvlddmkm - ok
14:50:36.0063 5824 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
14:50:36.0065 5824 nvraid - ok
14:50:36.0108 5824 nvrd32 (1988af02f581ee0a0a0c4d920b7e272f) C:\Windows\system32\DRIVERS\nvrd32.sys
14:50:36.0112 5824 nvrd32 - ok
14:50:36.0157 5824 nvstor (4a5fcab82d9bf6af8a023a66802fe9e9) C:\Windows\system32\drivers\nvstor.sys
14:50:36.0159 5824 nvstor - ok
14:50:36.0191 5824 nvstor32 (215816305e18c3305ed3407fc375b3fd) C:\Windows\system32\DRIVERS\nvstor32.sys
14:50:36.0195 5824 nvstor32 - ok
14:50:36.0253 5824 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
14:50:36.0255 5824 nv_agp - ok
14:50:36.0290 5824 NwlnkFlt - ok
14:50:36.0313 5824 NwlnkFwd - ok
14:50:36.0366 5824 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
14:50:36.0368 5824 ohci1394 - ok
14:50:36.0479 5824 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
14:50:36.0480 5824 Parport - ok
14:50:36.0519 5824 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
14:50:36.0522 5824 partmgr - ok
14:50:36.0556 5824 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
14:50:36.0558 5824 Parvdm - ok
14:50:36.0619 5824 PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
14:50:36.0667 5824 PcdrNdisuio - ok
14:50:36.0712 5824 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
14:50:36.0716 5824 pci - ok
14:50:36.0756 5824 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
14:50:36.0758 5824 pciide - ok
14:50:36.0800 5824 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
14:50:36.0803 5824 pcmcia - ok
14:50:36.0858 5824 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
14:50:36.0872 5824 PEAUTH - ok
14:50:36.0988 5824 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
14:50:36.0990 5824 PptpMiniport - ok
14:50:37.0032 5824 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
14:50:37.0034 5824 Processor - ok
14:50:37.0107 5824 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
14:50:37.0111 5824 PSched - ok
14:50:37.0162 5824 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
14:50:37.0164 5824 PxHelp20 - ok
14:50:37.0223 5824 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
14:50:37.0230 5824 ql2300 - ok
14:50:37.0301 5824 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
14:50:37.0303 5824 ql40xx - ok
14:50:37.0429 5824 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
14:50:37.0441 5824 QWAVEdrv - ok
14:50:37.0627 5824 R300 (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
14:50:37.0656 5824 R300 - ok
14:50:37.0780 5824 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
14:50:37.0784 5824 RapportCerberus_32301 - ok
14:50:37.0827 5824 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
14:50:37.0830 5824 RapportEI - ok
14:50:37.0885 5824 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys
14:50:37.0885 5824 RapportIaso - ok
14:50:37.0939 5824 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
14:50:37.0954 5824 RapportPG - ok
14:50:38.0137 5824 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
14:50:38.0139 5824 RasAcd - ok
14:50:38.0190 5824 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:50:38.0195 5824 Rasl2tp - ok
14:50:38.0234 5824 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
14:50:38.0236 5824 RasPppoe - ok
14:50:38.0277 5824 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
14:50:38.0281 5824 RasSstp - ok
14:50:38.0330 5824 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
14:50:38.0336 5824 rdbss - ok
14:50:38.0362 5824 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:50:38.0364 5824 RDPCDD - ok
14:50:38.0424 5824 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
14:50:38.0428 5824 rdpdr - ok
14:50:38.0465 5824 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
14:50:38.0467 5824 RDPENCDD - ok
14:50:38.0513 5824 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
14:50:38.0518 5824 RDPWD - ok
14:50:38.0611 5824 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
14:50:38.0614 5824 rspndr - ok
14:50:38.0655 5824 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
14:50:38.0657 5824 sbp2port - ok
14:50:38.0741 5824 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
14:50:38.0745 5824 secdrv - ok
14:50:38.0799 5824 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
14:50:38.0800 5824 Serenum - ok
14:50:38.0823 5824 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
14:50:38.0825 5824 Serial - ok
14:50:38.0870 5824 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
14:50:38.0872 5824 sermouse - ok
14:50:38.0936 5824 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
14:50:38.0937 5824 sffdisk - ok
14:50:39.0110 5824 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
14:50:39.0111 5824 sffp_mmc - ok
14:50:39.0137 5824 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
14:50:39.0138 5824 sffp_sd - ok
14:50:39.0180 5824 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
14:50:39.0181 5824 sfloppy - ok
14:50:39.0250 5824 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
14:50:39.0252 5824 sisagp - ok
14:50:39.0288 5824 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
14:50:39.0290 5824 SiSRaid2 - ok
14:50:39.0329 5824 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
14:50:39.0332 5824 SiSRaid4 - ok
14:50:39.0388 5824 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
14:50:39.0390 5824 Smb - ok
14:50:39.0504 5824 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
14:50:39.0506 5824 spldr - ok
14:50:39.0563 5824 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
14:50:39.0569 5824 srv - ok
14:50:39.0605 5824 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
14:50:39.0610 5824 srv2 - ok
14:50:39.0634 5824 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
14:50:39.0637 5824 srvnet - ok
14:50:39.0737 5824 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
14:50:39.0740 5824 swenum - ok
14:50:39.0784 5824 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
14:50:39.0786 5824 Symc8xx - ok
14:50:39.0848 5824 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
14:50:39.0850 5824 Sym_hi - ok
14:50:39.0890 5824 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
14:50:39.0891 5824 Sym_u3 - ok
14:50:39.0981 5824 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
14:50:39.0988 5824 Tcpip - ok
14:50:40.0029 5824 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
14:50:40.0036 5824 Tcpip6 - ok
14:50:40.0079 5824 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
14:50:40.0081 5824 tcpipreg - ok
14:50:40.0126 5824 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
14:50:40.0129 5824 TDPIPE - ok
14:50:40.0167 5824 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
14:50:40.0169 5824 TDTCP - ok
14:50:40.0215 5824 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
14:50:40.0218 5824 tdx - ok
14:50:40.0257 5824 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
14:50:40.0262 5824 TermDD - ok
14:50:40.0349 5824 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
14:50:40.0351 5824 tssecsrv - ok
14:50:40.0402 5824 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
14:50:40.0404 5824 tunmp - ok
14:50:40.0486 5824 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
14:50:40.0508 5824 tunnel - ok
14:50:40.0569 5824 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
14:50:40.0571 5824 uagp35 - ok
14:50:40.0612 5824 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
14:50:40.0618 5824 udfs - ok
14:50:40.0677 5824 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
14:50:40.0679 5824 uliagpkx - ok
14:50:40.0719 5824 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
14:50:40.0722 5824 uliahci - ok
14:50:40.0780 5824 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
14:50:40.0782 5824 UlSata - ok
14:50:40.0819 5824 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
14:50:40.0821 5824 ulsata2 - ok
14:50:40.0877 5824 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
14:50:40.0879 5824 umbus - ok
14:50:40.0937 5824 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
14:50:40.0938 5824 USBAAPL - ok
14:50:40.0996 5824 usbbus (5353218b3265e3b8190335059f697a11) C:\Windows\system32\DRIVERS\lgusbbus.sys
14:50:40.0997 5824 usbbus - ok
14:50:41.0036 5824 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
14:50:41.0039 5824 usbccgp - ok
14:50:41.0077 5824 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
14:50:41.0079 5824 usbcir - ok
14:50:41.0126 5824 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\Windows\system32\DRIVERS\lgusbdiag.sys
14:50:41.0128 5824 UsbDiag - ok
14:50:41.0184 5824 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
14:50:41.0186 5824 usbehci - ok
14:50:41.0246 5824 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
14:50:41.0251 5824 usbhub - ok
14:50:41.0306 5824 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\Windows\system32\DRIVERS\lgusbmodem.sys
14:50:41.0307 5824 USBModem - ok
14:50:41.0343 5824 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
14:50:41.0346 5824 usbohci - ok
14:50:41.0393 5824 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
14:50:41.0395 5824 usbprint - ok
14:50:41.0439 5824 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
14:50:41.0440 5824 usbscan - ok
14:50:41.0487 5824 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:50:41.0490 5824 USBSTOR - ok
14:50:41.0562 5824 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
14:50:41.0563 5824 usbuhci - ok
14:50:41.0613 5824 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
14:50:41.0615 5824 vga - ok
14:50:41.0660 5824 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
14:50:41.0663 5824 VgaSave - ok
14:50:41.0696 5824 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
14:50:41.0698 5824 viaagp - ok
14:50:41.0738 5824 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
14:50:41.0740 5824 ViaC7 - ok
14:50:41.0775 5824 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
14:50:41.0778 5824 viaide - ok
14:50:41.0812 5824 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
14:50:41.0814 5824 volmgr - ok
14:50:41.0859 5824 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
14:50:41.0870 5824 volmgrx - ok
14:50:41.0915 5824 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
14:50:41.0919 5824 volsnap - ok
14:50:41.0973 5824 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
14:50:41.0975 5824 vsmraid - ok
14:50:42.0044 5824 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
14:50:42.0046 5824 WacomPen - ok
14:50:42.0086 5824 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:50:42.0089 5824 Wanarp - ok
14:50:42.0104 5824 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
14:50:42.0106 5824 Wanarpv6 - ok
14:50:42.0152 5824 wanatw (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
14:50:42.0154 5824 wanatw - ok
14:50:42.0223 5824 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
14:50:42.0225 5824 Wd - ok
14:50:42.0284 5824 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
14:50:42.0293 5824 Wdf01000 - ok
14:50:42.0397 5824 WimFltr (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
14:50:42.0399 5824 WimFltr - ok
14:50:42.0546 5824 WINFLASH - ok
14:50:42.0726 5824 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
14:50:42.0728 5824 WmiAcpi - ok
14:50:43.0020 5824 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
14:50:43.0037 5824 WpdUsb - ok
14:50:43.0115 5824 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
14:50:43.0117 5824 ws2ifsl - ok
14:50:43.0207 5824 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
14:50:43.0208 5824 WSDPrintDevice - ok
14:50:43.0288 5824 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:50:43.0291 5824 WUDFRd - ok
14:50:43.0344 5824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
14:50:43.0388 5824 \Device\Harddisk0\DR0 - ok
14:50:43.0412 5824 Boot (0x1200) (dc225b700fa83011581660fa93ee4fef) \Device\Harddisk0\DR0\Partition0
14:50:43.0429 5824 \Device\Harddisk0\DR0\Partition0 - ok
14:50:43.0448 5824 Boot (0x1200) (e4b4fb29f620065b237c0fd9db0516f3) \Device\Harddisk0\DR0\Partition1
14:50:43.0457 5824 \Device\Harddisk0\DR0\Partition1 - ok
14:50:43.0462 5824 ============================================================
14:50:43.0462 5824 Scan finished
14:50:43.0462 5824 ============================================================
14:50:43.0482 5924 Detected object count: 0
14:50:43.0482 5924 Actual detected object count: 0
14:51:25.0137 4056 Deinitialize success

aswMBR Log:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-27 14:53:09
-----------------------------
14:53:09.321 OS Version: Windows 6.0.6002 Service Pack 2
14:53:09.322 Number of processors: 1 586 0x4F02
14:53:09.323 ComputerName: NEHA-PC UserName: Neha
14:53:39.477 Initialize success
14:53:40.720 AVAST engine defs: 11112700
14:54:11.607 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
14:54:11.614 Disk 0 Vendor: SAMSUNG_ JF10 Size: 152587MB BusType: 6
14:54:13.645 Disk 0 MBR read successfully
14:54:13.651 Disk 0 MBR scan
14:54:13.658 Disk 0 Windows VISTA default MBR code
14:54:13.671 Disk 0 scanning sectors +312496128
14:54:13.792 Disk 0 scanning C:\Windows\system32\drivers
14:54:33.307 Service scanning
14:54:35.001 Modules scanning
14:54:49.096 Scan finished successfully
14:55:00.645 Disk 0 MBR has been saved successfully to "C:\Users\Neha\Desktop\MBR.dat"
14:55:00.648 The log file has been saved successfully to "C:\Users\Neha\Desktop\aswMBR.txt"

OTL Log:
OTL logfile created on: 27/11/2011 2:57:15 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 55.75% Memory free
6.08 Gb Paging File | 4.79 Gb Available in Paging File | 78.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 55.12 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.93 Gb Free Space | 49.29% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/27 12:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/09/06 15:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/13 06:20:00 | 000,041,296 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\waol.exe
PRC - [2011/01/13 06:19:58 | 000,045,392 | ---- | M] (AOL Inc.) -- C:\Program Files\AOL Desktop 9.6\shellmon.exe
PRC - [2010/03/08 02:27:49 | 000,041,800 | ---- | M] (AOL Inc.) -- C:\Program Files\Common Files\aol\1200518764\ee\aolsoftware.exe
PRC - [2009/09/03 09:50:06 | 003,327,488 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\TurboHddUsb\TurboHddUsb.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 01:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\aol\acs\AOLacsd.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 21:30:22 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/10/14 12:25:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 21:45:55 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 21:44:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 21:38:43 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 21:36:41 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/13 21:36:23 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 21:36:20 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 21:35:40 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 21:34:58 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 21:34:47 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 21:34:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/22 00:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/13 06:20:01 | 000,048,640 | ---- | M] () -- C:\Program Files\AOL Desktop 9.6\zlib.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/09/06 15:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/05 06:17:24 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:22 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys -- (RapportIaso)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/09/14 08:58:10 | 000,225,592 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2011/09/06 15:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/09/06 15:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/09/06 15:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/09/06 15:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/09/06 15:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/09/06 15:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/02/04 10:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/03 09:50:10 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/09/03 09:50:06 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/07/14 17:54:00 | 009,557,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007/10/29 04:40:28 | 001,062,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/04/19 13:13:00 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvrd32.sys -- (nvrd32)
DRV - [2007/03/17 10:41:50 | 000,101,160 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2006/11/29 17:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 13:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Plasmoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "http://plasmoo.com/i...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ca"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/16 20:33:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/16 20:33:00 | 000,000,000 | ---D | M]

[2008/06/19 18:42:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Extensions
[2011/11/27 13:27:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions
[2011/10/14 10:27:13 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/09/22 10:48:21 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\extensions\[email protected]
[2009/03/13 17:47:14 | 000,001,632 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\live-search.xml
[2011/04/28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\Mozilla\Firefox\Profiles\pj9ftycq.default\searchplugins\plasmoo.xml
[2011/11/14 13:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/14 13:07:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}
[2011/11/05 01:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 20:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/11/14 13:07:06 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 20:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/11/04 22:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 22:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Neha\AppData\Local\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Neha\AppData\Local\Google\Chrome\Application\14.0.835.202\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Neha\AppData\Local\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Neha\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Neha\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AdBlock = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.4.23_0\
CHR - Extension: Browser Button for AdBlock = C:\Users\Neha\AppData\Local\Google\Chrome\User Data\Default\Extensions\picdndbpdnapajibahnnogkjofaeooof\0.0.13_0\

O1 HOSTS File: ([2011/11/27 14:36:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL Desktop 9.6\AOL.EXE (AOL Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A83CB25-9719-4FAF-9CFB-04D587A3997E}: DhcpNameServer = 205.188.146.145
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/27 14:52:39 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2011/11/27 14:49:03 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Neha\Desktop\tdsskiller.exe
[2011/11/27 14:43:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/27 14:43:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/27 14:15:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/27 14:15:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/27 14:15:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/27 14:14:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/27 14:14:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/27 14:14:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/27 14:12:16 | 004,309,802 | R--- | C] (Swearware) -- C:\Users\Neha\Desktop\ComboFix.exe
[2011/11/27 13:27:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/27 12:50:33 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/25 11:34:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BECD0A3B-9CCA-4F26-A52F-E1C137685911}
[2011/11/25 11:34:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{2EC36F31-7E35-4D9A-9628-5926369E3521}
[2011/11/24 11:33:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C81209D5-BD19-46F4-AD5D-B0256CB3E971}
[2011/11/24 11:33:18 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FCE40A94-C62D-4C06-953B-B4E64F6B0D5C}
[2011/11/23 22:06:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{1374563D-9E84-4905-B02B-3C702B75532D}
[2011/11/23 22:06:07 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3A19F2D5-C76E-408B-B890-82521470300E}
[2011/11/23 08:45:58 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B9D48251-AFB8-446F-8632-2930E3E76D64}
[2011/11/23 08:45:54 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BA7F4BCB-CD7D-4F1D-8EC6-F59B8ECF360A}
[2011/11/22 07:36:49 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{04A831D6-E60A-4DF1-B7F5-412F144BE45A}
[2011/11/22 07:36:39 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B757EB50-6765-47B2-BFD9-B12CC10C8E8B}
[2011/11/21 07:00:31 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{0F84D4D1-FBFE-4D66-B76E-465D2169DB70}
[2011/11/21 07:00:21 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F93A8672-4575-4ED0-9780-D961EA32A08A}
[2011/11/20 11:35:48 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{950EFA04-CA0E-4611-967D-13A353D97FE3}
[2011/11/20 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{639E055D-E97F-463E-89CB-4275F36C1BB0}
[2011/11/18 07:14:24 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{754D6E9E-C0DA-4024-A1FD-7FA48D490323}
[2011/11/18 07:14:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3A3F9DD6-C9A2-49C5-B03B-92037C9624AF}
[2011/11/17 11:33:47 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{E2EDBA8D-02AA-4882-934E-0BACF82EC875}
[2011/11/17 11:33:43 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D693BFF8-6A96-41EB-953D-0F47E59F73F3}
[2011/11/16 20:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2011/11/16 20:33:02 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2011/11/16 20:33:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
[2011/11/16 20:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2011/11/16 20:32:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Roaming\HpUpdate
[2011/11/16 20:31:36 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM9311.dll
[2011/11/16 20:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/11/16 20:28:35 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/11/16 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/11/16 20:08:38 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\HP
[2011/11/16 11:36:49 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDDA101E-3461-4433-B172-9D9803FE4A64}
[2011/11/16 11:36:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{84C0BCC3-0409-4835-B10E-852A0CC98EAC}
[2011/11/15 11:36:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C124CF2B-501E-49CA-A944-AF944F655528}
[2011/11/15 11:36:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{769209FA-7270-4C4C-8F3F-49A1C408BE31}
[2011/11/14 18:30:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/14 18:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/14 18:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/14 13:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/14 13:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/11/14 13:07:27 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/14 13:07:27 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/14 13:07:27 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/14 11:30:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A5D63B1D-48BF-4D7D-A482-77DA6CD2FDE8}
[2011/11/14 11:29:34 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EDF928F5-C182-4EBE-A971-54525B1AF574}
[2011/11/13 22:08:43 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C341E1CE-7CED-4355-A040-7C1CB3D1F691}
[2011/11/13 22:08:36 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EF6D09D5-128E-4641-9BEE-D2D7BF4C46EA}
[2011/11/13 11:34:54 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{73493EBB-CFAC-40E3-AFF4-9685DB087B74}
[2011/11/12 20:58:32 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{14985E97-CD6E-487D-8571-B7B69CEB2FEB}
[2011/11/12 20:58:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{F257F842-BFFD-416F-8992-46C390B0BECE}
[2011/11/11 08:33:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{A26718C3-BE4E-4854-99CD-AEEA30AC458C}
[2011/11/11 08:32:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{19A20338-B4D7-43E8-8839-3DBBE9126F5B}
[2011/11/10 11:06:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{9DE469EC-945D-4BD4-831D-A4006518BC81}
[2011/11/10 11:06:37 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{BC6BA3D9-B326-44B0-994B-13E85F96E09F}
[2011/11/09 20:47:30 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{07EF7A41-FAE0-4D32-B048-470455E631E5}
[2011/11/09 20:47:28 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{D81914FB-7B6D-48CF-A75E-E5E6034D94C3}
[2011/11/09 08:47:03 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{43E0E672-55C5-4CF7-8815-BCAFD014470E}
[2011/11/09 08:47:00 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{3FAA06D3-07C9-4634-AE99-1621765D384A}
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys
[2011/11/07 13:36:44 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\Trusteer
[2011/11/07 13:36:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Rapport
[2011/11/07 13:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2011/11/07 13:32:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2011/11/07 11:35:52 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{B7E5D967-E9CC-42BD-966B-F7C8194BF7A8}
[2011/11/07 11:34:41 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{0B809801-D880-429C-BACC-E3D843ACAC2B}
[2011/11/05 06:58:15 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{FE408156-78D8-40E1-8C30-F4B7BF4ECA95}
[2011/11/05 06:56:22 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{26D1BE06-5D81-4A4F-87E1-99BD3B49B8AB}
[2011/11/03 10:17:00 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{60BF999C-A1EB-4477-B7D5-E9567C843D4B}
[2011/11/03 10:15:11 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{96FA30EB-9C0E-4187-B4F4-C2E9C1DD096B}
[2011/11/02 20:59:29 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{7FEA9E6C-93AF-472D-AEC0-997F55C5C524}
[2011/11/02 20:59:00 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{6B863C29-9C54-440B-8007-E8C069FD1290}
[2011/11/02 07:50:20 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{340346EB-CE5A-47D2-B384-0369AEB937FC}
[2011/11/02 07:49:10 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{0B22FC1F-F302-48A5-9DC8-D3C1AE6DB908}
[2011/11/01 19:04:06 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Roaming\Yahoo!
[2011/11/01 10:14:32 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{EF1F2497-5C5A-49ED-898D-B5301026C016}
[2011/11/01 10:14:01 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{C6900884-EFC4-4340-B5C6-4E51627D1A23}
[2011/10/31 10:34:59 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{42FF808C-1F51-4F3A-9514-62C0FC3DF748}
[2011/10/31 10:33:40 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{44990589-CE35-402A-8C0D-5CC5A1AA6566}
[2011/10/30 11:34:25 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{582A8352-44F6-49F0-BE48-4DE8FB7DE77C}
[2011/10/30 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{8E9F0840-F2E5-4004-B510-B3726A42980F}
[2011/10/29 07:32:17 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{4F3D11A0-1F08-44AE-8FBF-94F0C223C33E}
[2011/10/29 07:31:14 | 000,000,000 | ---D | C] -- C:\Users\Neha\AppData\Local\{337B516C-1A9F-47A3-A830-2805E20E2609}

========== Files - Modified Within 30 Days ==========

[2011/11/27 14:55:00 | 000,000,512 | ---- | M] () -- C:\Users\Neha\Desktop\MBR.dat
[2011/11/27 14:52:46 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Neha\Desktop\aswMBR.exe
[2011/11/27 14:49:08 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Neha\Desktop\tdsskiller.exe
[2011/11/27 14:36:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/11/27 14:12:40 | 004,309,802 | R--- | M] (Swearware) -- C:\Users\Neha\Desktop\ComboFix.exe
[2011/11/27 13:52:35 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 13:52:32 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 13:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 13:51:46 | 3150,454,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/27 13:47:26 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/11/27 12:50:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Neha\Desktop\OTL.exe
[2011/11/27 12:45:56 | 000,430,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/11/24 16:47:36 | 000,030,672 | ---- | M] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2011/11/19 07:41:19 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/11/16 20:11:54 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2011/11/14 21:09:52 | 000,611,664 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/14 21:09:52 | 000,109,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/14 18:30:40 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/14 13:22:50 | 000,000,806 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/11/14 13:07:05 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2011/11/14 13:07:05 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2011/11/14 13:07:05 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2011/11/14 13:07:04 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2011/11/14 12:56:29 | 000,001,704 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2011/11/09 23:25:11 | 000,000,872 | ---- | M] () -- C:\Users\Neha\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/11/09 23:25:11 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\Windows\System32\drivers\RapportKELL.sys

========== Files Created - No Company Name ==========

[2011/11/27 14:55:00 | 000,000,512 | ---- | C] () -- C:\Users\Neha\Desktop\MBR.dat
[2011/11/27 14:15:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/27 14:15:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/27 14:15:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/27 14:15:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/27 14:15:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/16 20:11:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/11/14 18:30:40 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/09 23:25:10 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/05/20 11:25:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/17 11:14:06 | 000,000,680 | ---- | C] () -- C:\Users\Neha\AppData\Local\d3d9caps.dat
[2009/11/04 11:58:41 | 000,217,088 | ---- | C] () -- C:\Windows\System32\avformat-50.dll
[2009/11/04 11:58:41 | 000,018,432 | ---- | C] () -- C:\Windows\System32\avutil-49.dll
[2009/11/04 11:58:40 | 001,984,512 | ---- | C] () -- C:\Windows\System32\avcodec-51.dll
[2009/09/24 06:53:14 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/24 06:53:14 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/02 15:10:18 | 000,000,029 | ---- | C] () -- C:\Windows\atid.ini
[2009/03/17 18:31:57 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/09/17 09:25:51 | 000,000,137 | -H-- | C] () -- C:\Users\Neha\AppData\Roaming\lakerda1967.sys
[2008/09/17 09:25:29 | 000,010,568 | ---- | C] () -- C:\Users\Neha\AppData\Roaming\docXConverter (3).ini
[2008/08/12 09:44:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/05 19:30:02 | 000,017,499 | ---- | C] () -- C:\Windows\System32\MSSDTMGTX61.DLL
[2008/01/16 17:49:09 | 000,030,672 | ---- | C] () -- C:\Users\Neha\AppData\Roaming\wklnhst.dat
[2008/01/16 16:25:15 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/01/16 16:22:44 | 000,092,672 | ---- | C] () -- C:\Users\Neha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/11 14:08:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/03/19 06:04:58 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResES.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResIT.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResFR.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResENG.dll
[2007/03/19 06:04:58 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResDE.dll
[2007/03/19 06:04:56 | 000,003,584 | ---- | C] () -- C:\Windows\System32\namResPTB.dll
[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHC.dll
[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResKO.dll
[2007/03/19 06:04:56 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResJA.dll
[2007/03/19 06:04:54 | 000,022,016 | ---- | C] () -- C:\Windows\System32\nam_page.dll
[2007/03/19 06:04:54 | 000,003,072 | ---- | C] () -- C:\Windows\System32\namResZHT.dll
[2006/11/10 17:02:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:44:53 | 000,430,744 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 05:33:01 | 000,611,664 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,109,112 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/03/08 17:40:12 | 000,210,944 | ---- | C] () -- C:\Windows\Msvcrt10.dll
[2004/03/08 17:40:12 | 000,057,344 | ---- | C] () -- C:\Windows\icmfilter.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\School:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Other:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\OneNote Notebooks:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\My Received Files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Goldie's Folder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Neha\Desktop\Goldie Pics:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\My Downloads List1.ISO:Roxio EMC Stream
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AEA6AF9

< End of report >

OTL Extras:
OTL Extras logfile created on: 27/11/2011 2:57:15 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Neha\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.94 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 55.75% Memory free
6.08 Gb Paging File | 4.79 Gb Available in Paging File | 78.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 55.12 Gb Free Space | 39.67% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.93 Gb Free Space | 49.29% Space Free | Partition Type: NTFS

Computer Name: NEHA-PC | User Name: Neha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013968D4-ECBE-441D-915F-6B70BD9C1364}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{069746CE-D36E-4B61-A674-F2688ACC1B66}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{075F1FBE-9FAA-4DD4-96F7-BB2E90F9904C}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B51E66A-0458-4934-8900-CEACC86DE2D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1CA63133-92B8-4486-A991-81BF1091EB48}" = rport=445 | protocol=6 | dir=out | app=system |
"{2ECC9A63-CBB6-4639-8607-50D432B655C8}" = lport=138 | protocol=17 | dir=in | app=system |
"{2F687070-DFB7-4093-B63D-BD9EC48991AB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{454134CC-B163-428D-B973-87B71C45CB47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AD63E72-829F-4498-9EE3-E1137668AC90}" = lport=139 | protocol=6 | dir=in | app=system |
"{678AA400-7EEC-46C5-853F-ED5C776CE83F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7276EA81-EE13-4BD2-A169-4AE36FC3402E}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A09B8FC-D247-41CA-AA06-1891936D2205}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8EB88943-43DE-492B-94B6-057CC742245D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F685452-D4E2-429B-B707-0F825AEA8EF7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{91095EED-1CC5-4FCB-BC5B-3AB017BFA571}" = lport=137 | protocol=17 | dir=in | app=system |
"{9261AC15-BFE7-4C94-80F5-53400B7C4608}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93E38172-A2B1-421A-8501-026CED3D6878}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9546AD8B-2B48-40AC-AF25-CAD72682F3F7}" = rport=137 | protocol=17 | dir=out | app=system |
"{996E24C1-C62D-4E34-B680-5809E4FEB274}" = rport=139 | protocol=6 | dir=out | app=system |
"{BB35D350-9F58-43A2-85C3-E3F105C23612}" = lport=10243 | protocol=6 | dir=in | app=system |
"{BCE65467-AAA4-4BF5-BDD8-7DCD10AAB948}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BE0974FA-1E6F-4467-9E67-80F5AE1C6825}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BFC47231-7A8D-44DA-A2A9-06DC47249198}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CFA9223A-A170-4AE4-A160-B097DF93B1B9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{001CB2D4-9CE3-44E6-8F71-2644167AF459}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{014CA6FD-6243-4AA1-AE64-66ECCA960B7E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{0260E308-28B7-4704-ABDC-61FAA344BA8D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{06F7B525-BB49-43E0-921E-E820F35FA756}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{0B7F8CC8-C000-4971-91E3-7F40085085BC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{0C661D5F-D4BC-4D97-BA17-939904E0B6B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{15B65404-FEB1-4FB1-BDE9-2FAC3C006FE4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{15F08CE5-4B41-461C-A0AB-CBC936F61341}" = protocol=58 | dir=out | [email protected],-28546 |
"{19BE42DF-4357-4DFC-AC02-2460FE2A3C06}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F55333F-298D-4A7C-95A2-BBA4AE8C3CF9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F8B7BA6-D6FB-4492-82CF-8572BDFF503F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{22B935CA-F12C-4DBA-A07A-AEF6E1AF7841}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3196F17B-CE8E-420A-9592-010031DA14C3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37041720-4B58-4B3A-8ABD-FA3E613448BA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3AC23F75-8989-454B-8C8C-EE691CED0D3C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{40A11FCB-CD30-4010-9785-AEC62B620C23}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{413516A1-276A-4212-A9E6-79B7061B4456}" = protocol=58 | dir=in | [email protected],-28545 |
"{4BA48928-AE38-4FD7-88DA-D46E7A0D11ED}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{4C90023C-151D-442A-AD2E-A89051B4FB7E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{4DA37EF0-C3F6-48D1-814B-CB0CC8769D85}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\aol.exe |
"{5033E463-7DE3-4D63-A9A0-69F4F796C959}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{54066253-014C-46AA-81A7-3F30D13AE8D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5982BE8E-7038-4726-B74B-828668FAB9D0}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5D0E2E96-7522-4C3C-BEA2-EA2BB507A526}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6208BF4A-0001-4320-A755-D0BAA2879331}" = protocol=1 | dir=in | [email protected],-28543 |
"{6662909E-BCDD-4B02-9202-9152088657DA}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{6A01FEBA-47F5-47CA-805F-C2C6CB63D7EF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6A803F42-0B00-48CE-BFBF-28A67746563B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{6C389A6E-521E-4614-8BB5-1A1472785979}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\aol.exe |
"{6C766B62-F96D-484A-8583-E5879D03760C}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7786B1CC-4FF9-43CD-9C99-1C1861A1BD2E}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{8183CB5F-F9BB-454C-B04B-8116C494FE19}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{87027BF9-4389-4914-AE6D-5CD15CB3EC43}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
"{876BBDF7-B6BD-4B15-A9B1-9BB1B8700895}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{8E670B63-5A6B-4CCB-9E2A-7B9D6F801C3F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{919BC780-5BBB-4EC9-B2FB-78E500AE529C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9351194E-CC12-4CB3-87BA-0BA472DE5129}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{936908FD-F7A2-4DCA-9F2D-7D321E473DF3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{97F2731B-A0A3-493A-A55F-78BD5008A37F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C79286E-86D2-4D68-966A-477CA284098C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{9FD10955-CFDB-4855-8430-445BA5DC60AB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{A2626517-22D9-487F-8D99-AAE95F2E9A64}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{A527F0FD-5692-40FC-BC7F-A12DD0CFBEFF}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{AC1CE5B8-3901-4174-BB20-C2A47B10B65E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B4FC0C8D-A41F-42DA-BB5B-E2EA7F953A89}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{B6C12BA8-8AA8-47BC-8B03-E7785CA52395}" = protocol=6 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{B85DC8D9-B4D2-4495-B6E9-2022E1ECF430}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B927303E-99CA-450B-9B50-0AAC2278642E}" = protocol=17 | dir=in | app=c:\program files\aol 9.1\waol.exe |
"{BDCCA442-1A39-42D3-BC85-C8DEF1538ABC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE10D116-24B0-4948-9916-5F539FA4FB16}" = protocol=6 | dir=out | app=system |
"{C16EB4F8-D627-4B66-AB07-ED2E878A1C6F}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe |
"{C28711CC-9707-4CEC-AA67-20D0C273E300}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{C36781E0-B348-4FD3-A6D5-62258904FF93}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C750639F-5539-4B05-A9C8-0880784B6962}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{CC87F0C9-6509-4BDA-87C4-668BA6DAFF16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE24841B-142D-43D5-A9F6-DACA58437065}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{D378417E-A0BE-48FD-AAE7-DD8CA455E17C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D7811609-C693-4169-85E4-B5F4D08288BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D937CF42-573A-478E-9EAF-2F84E39E21EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E1EDE59C-D190-4AFD-B88C-CDB815CDACD2}" = protocol=1 | dir=out | [email protected]i.dll,-28544 |
"{E3E984DF-EC7D-448D-8906-BE43962AB9BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E711F05D-1004-4607-B383-2BB0DA7F07F8}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{EAA87DF1-D6C2-4FFE-B7EA-B91CB0CA6A4D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{EC21EF74-BF39-4465-A24F-4D3BD4525472}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EC705686-0C7A-4B92-84C7-247C43819220}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe |
"{ED2035C2-D39A-4243-B2EE-4ED2BEE98200}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ED43E924-A0DA-4ED4-A54E-BB63D4176380}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{ED7EF7D4-C040-458D-A861-A1CA8F0B4835}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1200518764\ee\aolsoftware.exe |
"{F29FDCB8-B91C-473C-9E19-3A2128B64608}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{F3AEC9EF-45FE-4FE0-9D8A-07B84376AB69}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F45ABB89-F676-47F1-AA44-808B061FDFB3}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{F4A87CAC-CFB2-4213-BB3F-26C257313286}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FA912D6E-4E33-46EC-B51B-3E3B8F459E75}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{5690858B-0A76-4DA7-BAE1-BC588FAD7472}C:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe" = protocol=6 | dir=in | app=c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe |
"TCP Query User{667EA162-E872-4EED-B37F-4FA2AF046005}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{6DCCEE70-2BA6-4423-906E-42AB23441A2B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{896F6545-F813-4058-9DFE-E37F4772C6F6}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9DD42084-8FB2-46EA-B2B6-88A092E8933F}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{D77A8250-E6F6-48A5-B9D6-BDA0611DC9FF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{08FAED95-E56A-41F5-8CDC-4AEC83D60C0E}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{11C0B9A1-C983-42D8-951D-8B0CA595B72D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{2E8631C5-D57D-4EA5-9A2E-EF3A1206F10A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4FD25C15-C092-411A-A6B6-5B5510FD977C}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{5EB18FA0-CCF4-45ED-8D3C-63299753ACAE}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{DED05C0E-D6C9-4980-AF10-85834EE56D53}C:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe" = protocol=17 | dir=in | app=c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0564C76B-8E1F-4157-8654-B0F9F308BEE9}" = HP Deskjet 3050 J610 series Basic Device Software
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java™ 7 Update 1
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34E90074-C80C-4182-A995-65E88B5B56E0}" = HP Deskjet 3050 J610 series Product Improvement Study
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{759142E8-25B0-42AE-B408-4215065D3F4B}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9FE08B0-7804-43FF-8B90-04EEC285FFF6}" = Microsoft Office Live Add-in Patches
"{AA027AE9-DD20-4677-AA72-D760A358320B}" = Microsoft VC9 runtime libraries
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}" = AOL Mail and AIM Gadget
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Help
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AMDAway INF" = AMDAway INF
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Defraggler" = Defraggler
"Dell Support Center" = Dell Support Center
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"HP Photo Creations" = HP Photo Creations
"InstallShield_{EFAD4066-CAF3-4B27-9669-12EED352C376}" = NVIDIANetworkDiagnostic
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"Rapport_msi" = Rapport
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"TurboHddUsb" = TurboHddUsb
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 24/03/2008 10:03:33 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 05/04/2008 11:02:05 AM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:03 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:04 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:09 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:16 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 10/10/2009 4:37:20 PM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =

Error - 07/01/2010 8:25:47 AM | Computer Name = Neha-PC | Source = avast! | ID = 33554522
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/11/2011 3:32:00 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/11/2011 8:12:20 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 27/11/2011 8:12:06 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/11/2011 3:33:03 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by nehac, 27 November 2011 - 02:33 PM.


#19
RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Looks pretty good. Just a variation on this error:
http://www.itexperie...8-a06ad6d8b4d1/

Other than that I think we are done.


We need to clean up System Restore:

Copy the following:

:Commands
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories, then right click on Command Prompt and Run As Administrator. Then right click, Paste, then hit Enter.

OTL has a cleanup tab; if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK. Close program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron

#20
nehac

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts

e first step, and when running the fix the computer froze and nothing could be done for a really long time... Waited a while then forced shutdown (with the power button). Only to see the computer wouldn't start :( and kept getting the No Boot Device available message on the black screen.

Finally had to use my Windows Vista CD and tried repair (did not work) and then restored to an earlier check point (from yesterday). The computer took a really long time to load and is finally back up now.

Not sure what to do :(, kind of scared that it might mess up again